- Trending Categories
Data Structure
Networking
RDBMS
Operating System
Java
MS Excel
iOS
HTML
CSS
Android
Python
C Programming
C++
C#
MongoDB
MySQL
Javascript
PHP
Physics
Chemistry
Biology
Mathematics
English
Economics
Psychology
Social Studies
Fashion Studies
Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
How to manage secret values with docker-compose v3.1?
Introduction
As developers, we frequently need to incorporate private data into our applications, including passwords, API keys, and database credentials. Not only is it unsafe to hardcode these variables into our code or configuration files, but it can also be challenging to manage and change them when necessary.
Using environment variables, which let us keep sensitive data apart from our codebase and configuration files, is one method to manage secret values. In this article, we'll look at how to maintain secret values using docker-compose v3.1 and inject them as environment variables into our containers.
Prerequisites
To follow along with this tutorial, you will need to have Docker and docker-compose v3.1 installed on your machine. You can use the following commands in your terminal to see if you have these utilities installed −
$ docker --version $ docker-compose --version
Methods
There are several methods that we can use to manage secret values with docker-compose v3.1.
Some of these methods include the following −
Using environment variables
Using .env file
Let us discuss each of these in detail now with examples.
Using environment variables
One way to manage secret values with docker-compose v3.1 is to use environment variables. Environment variables are key-value pairs that are passed to a container at runtime. They can be set in the docker-compose file, or they can be passed in from the host machine.
Example 1
To set an environment variable in the docker-compose file, we can use the environment key under the service that we want to set the variable.
Step 1 − Navigate to your project directory in your code editor.
For using your terminal to navigate, use the following command −
$cd /directory-path
Step 2 − In your docker-compose.yml file, specify the environment key under the service that we want to set the variable.
version: "3.1" services: web: image: nginx:latest ports: - 8080:80 environment: - API_KEY=123456
Step 3 − Add the corresponding Dockerfile named “Dockerfile” in the same directory without the following content −
FROM nginx:latest EXPOSE 80 ENV API_KEY=123456
Step 4 − Run and build this docker-compose now by running the following command in the terminal −
$docker-compose up
Output
[+] Running 1/1 - Container examp2-web-1 Recreated 0.9s Attaching to examp2-web-1 examp2-web-1 | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration examp2-web-1 | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ examp2-web-1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh … examp2-web-1 | 2023/01/09 17:53:54 [notice] 1#1: start worker process 38 examp2-web-1 | 2023/01/09 17:53:54 [notice] 1#1: start worker process 39 examp2-web-1 | 2023/01/09 17:53:54 [notice] 1#1: start worker process 40
Using .env file
Another way to manage secret values with docker-compose v3.1 is to use a .env file. A .env file is a file that contains a list of key-value pairs that are passed to a container at runtime. The docker-compose file and the.env file must both be in the same directory.
Step 1 − Navigate to your project directory in your code editor.
Step 2 − Create a file called .env in your project directory.
Step 3 − To use a .env file with docker-compose v3.1, we can set the environment variables in the .env file using the api key command like this −
API_KEY=123456
Step 4 − Use the following command to run the .env file in the terminal.
$ cat .env
Output
API_KEY=123456
Step 5 − Create a docker-compose.yml file in the same directory and then reference these environment variables using the ${VAR_NAME} syntax −
version: "3.1"
services:
web:
image: nginx:latest
ports:
- 8080:80
environment:
- API_KEY=${API_KEY}
Step 6 − Use the following command in the terminal to output the contents of the docker-compose.yml file −
$ cat docker-compose.yml
Output
For Output Code pre classversion: "3.1"
services:
web:
environment:
- API_KEY=${API_KEY}
Step 7 − Run this file in the terminal using the terminal −
$ docker-compose up
Output
[+] Running 1/0 - Container examp2-web-1 Created 0.0s Attaching to examp2-web-1 examp2-web-1 | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration examp2-web-1 | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ examp2-web-1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh examp2-web-1 | 10-listen-on-ipv6-by-default.sh: info: IPv6 listen already enabled examp2-web-1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh examp2-web-1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh examp2-web-1 | /docker-entrypoint.sh: Configuration complete; ready for start up examp2-web-1 | 2023/01/09 18:04:52 [notice] 1#1: using the "epoll" event method examp2-web-1 | 2023/01/09 18:04:52 [notice] 1#1: nginx/1.23.3 examp2-web-1 | 2023/01/09 18:04:52 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) examp2-web-1 | 2023/01/09 18:04:52 [notice] 1#1: OS: Linux … examp2-web-1 | 2023/01/09 18:04:52 [notice] 1#1: start worker process 29 examp2-web-1 | 2023/01/09 18:04:52 [notice] 1#1: start worker process 30 examp2-web-1 | 2023/01/09 18:04:52 [notice] 1#1: start worker process 31 examp2-web-1 | 2023/01/09 18:04:52 [notice] 1#1: start worker process 32 examp2-web-1 | 2023/01/09 18:04:52 [notice] 1#1: start worker process 33
Conclusion
In this article, we have explored several methods for managing secret values with docker-compose v3.1. We can use environment variables, .env file, and Docker secrets to store and manage sensitive data in a secure manner. We also looked at various examples to implement the same. By using these methods, we can avoid storing secret values in plain text within our codebase and reduce the risk of security vulnerabilities.
- Related Articles
- How to Use Multiple Databases with docker-compose?
- Using docker-compose With Private Repositories
- Equivalent of Docker option --config in docker-compose
- Build a flask App using Docker Compose
- How to directly mount NFS share/volume in a container using Docker Compose v3?
- Top tips to manage docker containers from command line
- How to Improve Docker Image Size With Layers?
- Setting ulimit Values on Docker Containers?
- How to use Boto3 to create a secret key as plain text in AWS Secret Manager
- How to use Boto3 to get the secret keys saved as plain text from AWS Secret Manager
- How to use Boto3 to delete all secret keys from a specific location in AWS Secret Manager
- How to use Boto3 to update the secret keys from a specific location in AWS Secret Manager
- How to use Boto3 to store a new secret in a specific location in AWS Secret Manager
- How to Manage Stakeholder Engagement?
- How to Manage Pregnancy Incontinence?
